6 comments:
File src/security/intel/stm/Kconfig:
Patch Set #6, Line 5: bool "Enable STM"
Please give more details here, what STM is, and why it should be enabled.
Done
File src/security/intel/stm/Makefile.inc:
Patch Set #6, Line 2: # put the stm where is can be found
where *it*
Done
Patch Set #6, Line 4: cbfs-files-y += stm.bin
the convention here would be to replace -y with $(CONFIG_STM) so I'm wondering why you did not do th […]
no, just still figuring this out.
File src/security/intel/stm/SmmStm.h:
Patch Set #6, Line 20: #define IA32_VMX_BASIC_MSR_INDEX 0x480
is there any reason not to just put these in src/include/cpu/x86/msr. […]
Done
File src/security/intel/stm/SmmStm.c:
Patch Set #6, Line 27: #define RDWR_ACCS 3
It would be much better if we could get most of these constants in a generic place. […]
Agreed. Some of these could be merged with the TXT support as the STM does utilize the TXT registers when available. Others, like the IA32_PG_*, I am not so sure about since they are related to page tables and a quick scan of the source didn't turn up anything related.
File src/security/intel/stm/StmPlatformSmm.c:
Patch Set #6, Line 51: StmImageSize = cbfs_boot_load_file("stm.bin", MsegBase, StmBufferSize,
Maybe do measurements here
Done
To view, visit change 33234.